Jespa NTLM authentication fails in one environment

I have some Java code that needs to authenticate against a Sharepoint server running NTLM authentication. I have this code running fine on the command line in my IDE, but when I deploy it within Liferay as a portlet, it's just failing with 401 Unauthorized.

The code is exactly the same except in how it's invoked. One is during the doView() portlet method (portlet render phase), and the other (which works) is from a public static void main method.

I set the Jespa logging at level 4 to see output. In the NetBeans IDE:

HttpPeer: state=ST_SENT
HttpPeer: state=ST_RECEIVED status=401
NtlmSecurityProvider: null
HttpPeer: state=ST_SENT
HttpPeer: state=ST_RECEIVED status=401
NtlmSecurityProvider: NTLM2 Session Security key negotiated successfully
NtlmSecurityProvider: Initiator negotiated NTLMv2
HttpPeer: state=ST_SENT
HttpPeer: state=ST_RECEIVED status=200

In Liferay logs:

HttpPeer: state=ST_SENT
HttpPeer: state=ST_RECEIVED status=401
NtlmSecurityProvider: null
HttpPeer: state=ST_SENT
HttpPeer: state=ST_RECEIVED status=401
18:37:58,578 ERROR [SharepointListPortlet:76] 
java.security.PrivilegedActionException: our.portlet.util.HttpException: 401 Unauthorized
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.secu开发者_StackOverflow中文版rity.auth.Subject.doAs(Subject.java:396)
    at jespa.security.RunAs.runAs(RunAs.java:261)
    at jespa.security.RunAs.runAs(RunAs.java:269)

It's probably something simple, but I can't put my finger on it. I've looked through all the Jespa sample code and found nothing. Of course Jespa is a commercial product and I'm just evaluating it, so I can't pay for support. If anyone has any suggestions, I'd be grateful.

IOPLEX support will still help you even if you have not purchased the product.

Regarding your question, instead of using javax.security.auth.Subject to supply credentials, try supplying the credentials using "header properties". Maybe your Liferay thingy is creating new Threads and the Subject based credentials are getting dropped. This feature is not documented anywhere (and as such technically it is not supported) but look at examples/HttpGetWithHeaderProperties.java.